From: Maxime Devos <maximedevos@telenet.be>
To: Liliana Marie Prikler <liliana.prikler@gmail.com>,
fesoj000 <fesoj000@gmail.com>,
54309@debbugs.gnu.org
Subject: [bug#54309] What is the process from here?
Date: Sun, 20 Mar 2022 00:09:52 +0100 [thread overview]
Message-ID: <b311a2b72fd271fd3e7b78a8aca11cd4896fe49c.camel@telenet.be> (raw)
In-Reply-To: <87f117ba35bb40fe063d5cd0bee61039a5f9801e.camel@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 982 bytes --]
Liliana Marie Prikler schreef op vr 18-03-2022 om 23:36 [+0100]:
> > +(define (auditd-activation config)
> > + (with-imported-modules '((guix build utils))
> > + #~(begin
> > + (use-modules (guix build utils))
> > + (let ((var-log-audit "/var/log/audit"))
> > + (umask #o077)
> > + (mkdir-p var-log-audit)))))
> > +
> This would also apply umask 077 to /var and /var/log if those don't
> already exist. More importantly, code executed after that will also
> inherit the umask, which I don't think is the intended consequence.
More concretely, the procedure 'mkdir-p/perms' would address the umask
issue, but not the potential ‘oops too restrictive permissions for /var
and /var/log' issue. Additionally, as var-log-audit is only used in a
single place, you could simplify to
#~(begin
(use-modules ...)
(mkdir-p/perms "/var/log/audit"))
here.
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
next prev parent reply other threads:[~2022-03-19 23:10 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-09 19:21 [bug#54309] [PATCH] services: auditd: use exclusive log directory for auditd fesoj000
2022-03-09 19:36 ` Maxime Devos
2022-03-09 20:44 ` fesoj000
2022-03-09 21:00 ` fesoj000
2022-03-10 7:12 ` Liliana Marie Prikler
2022-03-10 10:36 ` fesoj000
2022-03-10 16:29 ` fesoj000
2022-03-18 19:17 ` [bug#54309] What is the process from here? fesoj000
2022-03-18 20:06 ` Liliana Marie Prikler
2022-03-18 21:48 ` fesoj000
2022-03-18 22:36 ` Liliana Marie Prikler
2022-03-19 11:10 ` fesoj000
2022-03-19 23:09 ` Maxime Devos [this message]
2022-03-22 16:50 ` fesoj000
2022-03-22 20:06 ` Liliana Marie Prikler
2022-03-19 11:34 ` [bug#54309] [PATCH] services: auditd: use exclusive log directory for auditd fesoj000
2022-03-19 23:13 ` Maxime Devos
2022-03-20 20:22 ` fesoj000
2022-03-20 20:30 ` Maxime Devos
2022-03-20 20:35 ` Maxime Devos
2022-03-23 20:22 ` [bug#54309] [PATCHv2] " fesoj000
2022-03-23 20:39 ` [bug#54309] [PATCHv3] " fesoj000
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b311a2b72fd271fd3e7b78a8aca11cd4896fe49c.camel@telenet.be \
--to=maximedevos@telenet.be \
--cc=54309@debbugs.gnu.org \
--cc=fesoj000@gmail.com \
--cc=liliana.prikler@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).